From: Ellen Lovelace

Direct Telephone: 214-651-5105 
Should you have any problem with this transmission, please call: 214-651-5105
Message: 

Examiner Lemma, 

Attached please find a draft of a proposed amendment, in response to 
the outstanding final Office action. I look forward to discussing 
the draft with you tomorrow at 2:00 PM EDT. Please do not hesitate 
to contact me if you have any questions. 

Thanks!!
Brandi Sarfatis 
214-651-5896 
Response to Final Office Action dated May 11, 2010
Expedited Procedure - Group Art Unit 2132

Patent/Docket No. 26530.92 (IDR-671)
Customer No. 000027683



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re application of: 

Simpson et al. 



Serial No.: 10/734,935 
Filed: December 12, 2003 



Attorney Docket No. 26530.92 

Customer No. 27683 

Group Art Unit: 2432



DISTRIBUTED DYNAMIC 
SECURITY CAPABILITIES WITH 
ACCESS CONTROLS 



Confirmation No: [illegible]
RESPONSE TO OFFICE ACTION DATED MAY 11, 2010



Mail Stop AF 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450

This paper is submitted in response to the final Office action dated May 11, 2010, in connection
with the above-noted application. No fees, including extension of time fees, are believed necessary for
consideration of the present paper. However, if any fees, including extension of time fees, are necessary,
the extension of time is hereby requested, and the Commissioner is hereby authorized to charge any fees,
including those for the extension of time, to Haynes and Boone, LLP's Deposit Account No. 08-1394.

Amendments to the Claims begin on page 2 of this paper, which includes a listing of all claims
in the application.

ion page 6 of this paper. 

Listing of the Claims:

The text of all claims under examination is submitted, and the status of each is identified. This 
listing of claims replaces all prior versions, and listings, of claims in the application. 

1. (Currently Amended) A computer-implemented method employing a microprocessor for controlling
access to a document, the method comprising:

determining, using the microprocessor, an access right for a user;

building a member definition comprising a member identifier, an access control list comprising a list
of access rights of the user, a private key of a key pair for use in encrypting the document, and a digital
signature, and associating the member definition with the user;

linking the member definition to a first data portion of a document, wherein the document has the first
data portion and a second data portion;

receiving a request from the user to access the document;

comparing the request with the access right; and

allowing access to only the first data portion in accordance with the access right; and
denying access to the second data portion in accordance with the access right, wherein the denying
access comprises at least one of logging information regarding the denial of access to the second
data portion, and notifying security personnel regarding the denial of access to the second data portion.

2. (Canceled)

3. (Canceled)

4. (Original) The method of claim 1, further comprising adding a new user to the document.

5. (Original) The method of claim 1, further comprising removing a member from the document.

6. (Original) The method of claim 1, further comprising:
storing the member definition remotely from the document. 

7. (Original) The method of claim 1, further comprising: 
storing the member definition in the document.

8. (Original) The method of claim 1, further comprising:
encrypting the document; and

linking the member definition with a public key and a private key.

9. (Original) The method of claim 1, further comprising:
determining a second access right for the user;
building a second member definition using the second access right; and
linking the second member definition to a second portion of the document.

10. (Original) The method of claim 9, wherein the first portion of the document and the second portion of
the document are different.



11. (Currently Amended) A computer-implemented system for controlling access to a document,
comprising:

a microprocessor;

memory accessible by

a and a second data;
a first member definition associated with the first data, wherein the first member definition contains a
first user identifier, a private key of a first key pair for use in encrypting the first data, and a first access right
for a first user for the first data;

a second member definition associated with the second data, wherein the second member definition
contains a second user identifier, a private key of a second key pair for use in encrypting the second data, and
a second access right for a second user for the second data; and

an access controller that receives a request from the first user for access to the document, 
wherein the access controller locates the first member definition and allows access to the first data only and 
denies access to the second data, wherein the denying access comprises at least one of logging information
regarding the denial of access to the second data, and notifying security personnel regarding the denial of
access to the second data.



12. (Original) The system of claim 11, wherein the access controller limits access to the document in 
accordance with the first access right and the second access right.

13. (Original) The system of claim 11, wherein the first user identifier and the second user identifier
identify the same user and the first access right and the second access right identify different access rights.

14. (Original) The system of claim 11, wherein the first member definition contains a digital signature.

15. (Original) The system of claim 11, wherein the first member definition and second member definition
are stored remotely from the document.

16. (Original) The system of claim 11, wherein the first member definition and second member definition
are stored in the document.

17. (Original) The system of claim 11, wherein the document is a tagged document.

18. (Original) The system of claim [illegible], wherein the document is an XML document.

19. (Original) The system of claim 11, wherein the document is a text document.

20. (Original) The system of claim 11, wherein the document is a binary document.

21. (Currently Amended) A non-transitory computer-readable storage medium comprising a plurality of
instructions for execution by at least one computer processor, wherein the instructions are for:

determining a first access right for a first user and a second access right for a second user;
building a first member definition comprising the first access right, a first user identifier, a private key
of a first key pair for enabling the first user to encrypt a first portion of a document, and a first digital
signature;
building a second member definition comprising the second access right, a second user identifier, a
private key of a second key pair for enabling the second user to encrypt a second portion of the document, and
a second digital signature;

linking the first member definition to the first portion of the document;
linking the second member definition to the second portion of the document;
storing the first member definition and second member definition remotely from the document;
encrypting the document;

receiving a request from a requester to access the document;
based on the first user identifier and the second user identifier, determining the access right for the
requester for the first portion of the document and the second portion of the document; and

allowing access only to the first portion of the document and denying access to the second portion in
accordance with the first access right, or allowing access only to the second portion of the document and
denying access to the first portion in accordance with the second access right, wherein the denying access
comprises at least one of logging information regarding the denial of access, and notifying security personnel

REMARKS 

Claims 1 and 4-21 are pending. Reconsideration of all pending claims is respectfully requested 
in light of the foregoing amendments and following remarks. As a preliminary matter, Applicants' 
representative would like to thank the Examiner for the courtesies extended during the telephone
conversation conducted July 1, 2010. 



Rejections under 35 U.S.C. § 112

Claims 1 and 4-21 stand rejected under 35 U.S.C. §112, first paragraph, as failing to comply with
the written description requirement. In particular, the Examiner asserts that there is no "readily apparent
support" for the limitation "building a member definition comprising . . . a private key of the private key pair
for use in encrypting the document." In response, Applicants respectfully refer the Examiner to
paragraph [0021] of the specification, which states that the encryption may be accomplished "by
associating a member definition with a pair of encryption keys (e.g., public and private keys), as is
understood in the art, and one of the keys could be [illegible] member definition 14." Paragraph
[0027] goes on to state that "the member definition may contain a private key for use in encrypting one or
more data portions 16 . . . of the document." Therefore, the combination of paragraphs [0021] and
[0026] provide readily apparent support for the subject limitation and Applicants therefore respectfully
request that the subject rejection be withdrawn.

Rejections under 35 U.S.C. § 101

Claims 1 and 21 stand rejected under 35 U.S.C. §101 because the claimed subject matter is
directed to non-statutory subject matter. In response, Applicants have amended the claims such that they
with 35 U.S.C. §101, and therefore respectfully request that the rejection be 




Claims 1 and 4-21 stand rejected under 35 U.S.C. § 103(a) over U.S. Patent No. 5,787,175
("Carter") in view of U.S. Patent Publication 2006/0173999 ("Rider") and further in view of U.S. Patent
No. 7,017,183 to Frey et al. ("Frey"). In response, Applicants respectfully traverse the rejection of the 
claims on the grounds that the combination of references is defective in establishing a prima facie case of 
obviousness with respect to all of the claims. 

In particular, claim 1 requires, inter alia: 

building a member definition comprising a member identifier, an access control list 
comprising a list of access rights of the user, a private key of a key pair for use in 
encrypting the document, and a digital signature, and associating the member definition
with the user; [and]

denying access to the second data portion in accordance with the access right, wherein the
denying access comprises at least one of logging information regarding the denial of access,
and notifying security personnel regarding the denial of access.

The cited combination is devoid of any teaching of the foregoing elements. With regard to the first
element noted above, the Examiner concedes that Carter and Rider fail to teach an ACL, for which Frey is
cited. However, neither of the elements noted by the Examiner as reading on the claimed ACL (i.e., the ACL
sync map 438 and the ACL 144) comprise a list of access rights of the user, as recited in claim 1. On the
contrary, the ACL 144 is described by Frey, at column 3, lines [illegible], as comprising "for each external object,
a list of the portal users and portal groups that may access the object." Therefore, unlike the claimed ACL,
which is associated with a particular user and specifies the access rights of that user, the ACL described by
Frey is associated with an object and comprises a list of users that may access the object.

Additionally, with regard to the second element noted above, none of the references disclose wherein
the denying access comprises logging information and/or notifying security personnel regarding the denial of
access to the second data portion.

In view of all of the foregoing, it is apparent that the cited combination fails to teach or suggest the
invention as recited in claim 1; therefore, the rejection is not supported by the cited combination and should
be withdrawn. Claims 11 and 21 include limitations similar to those of claim 1 and are therefore also deemed
to be in condition for allowance for at least the same reasons presented above. Claims 4-10 and 12-20 depend
from and further limit claims 1 and 11 and therefore are deemed to be in condition for allowance for at least
It is clear from all of the foregoing that all of the pending claims are now in condition for allowance
and prompt notification to that effect is therefore respectfully requested. The Examiner is invited to contact 
the undersigned at the numbers provided below if further discussion is required. 



Respectfully submitted, 



Brandi W. Sarfatis 
Registration No. 37,713 



Dated: 

HAYNES AND BOONE, LLP 
2323 Victory Ave., Suite 700 
Dallas, Texas 75219 
Telephone: (214) 651-5896 
Facsimile: (214) 200-0848 
File: 26530.92 

D-1823391J.DOC 
I hereby certify that this correspondence is being filed with
the United States Patent and Trademark Office via EFS-Web
on the following date.